CVE-2026-22982
BaseFortify
Publication date: 2026-01-23
Last updated on: 2026-02-26
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | From 6.13 (inc) to 6.18.6 (exc) |
| linux | linux_kernel | From 6.2 (inc) to 6.6.121 (exc) |
| linux | linux_kernel | From 6.7 (inc) to 6.12.66 (exc) |
| linux | linux_kernel | From 5.16 (inc) to 6.1.161 (exc) |
| linux | linux_kernel | From 5.12 (inc) to 5.15.198 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a crash issue in the Linux kernel's mscc ocelot driver. It occurs when adding an interface under a link aggregation group (lag) due to the ocelot_set_aggr_pgids() function accessing NULL pointers for unused ports in the ocelot_vsc7514.c frontend. This leads to a kernel crash because the code does not properly check if the port pointer is valid before using it.
How can this vulnerability impact me? :
This vulnerability can cause the Linux kernel to crash when adding an interface under a lag in systems using the affected mscc ocelot driver. Such crashes can lead to system instability, downtime, and potential disruption of network services relying on the affected hardware and driver.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update the Linux kernel to a version that includes the fix for the ocelot driver crash when adding an interface under a lag. The fix involves checking the validity of port pointers before accessing them, preventing NULL pointer dereference crashes.